Do the Same People Responsible for Intra-Enterprise Security Have the Right Skills to Define Your Enterprise's Cloud Computing Security Policies?

JP Morgenthal: Security seems to be a predominant issue with regard to Cloud. Yet, most enterprise environments are currently compromised (e.g. bots, trojans, improper configuration, etc.). So do the same people responsible for intra-enterprise security have the right skills to define your enterprise's Cloud Computing security policies?

3 Replies

  • If the same people responsible for intra-enterprise security were to define your cloud security policy, you would get NONE of the value from the cloud.

    Intra-enterprise security teams seem predisposed to avoiding doing anything because doing ANYTHING is less secure than doing NOTHING.

    On the other hand, the cloud, especially externally hosted clouds, opens up the possibilities, and it requires a new mindset toward data security and application entitlements.

  • I do not get how the first paragraph relates to the second one in Mukund's response...

    If the same people responsible for intra-enterprise security were to define your cloud security policy, you would get NONE of the value from the cloud, IMO, because the cloud should become very concrete and transparent. Every move has to be secured and controlled (this is my experience with an intra-enterprise security). Modern standards issued in the UK and Euro-zone even harden security requirements in operations and technology.

    I think that the intra-enterprise security people must, at least, verify and validate what the cloud providers do. Many intra-enterprise security people have the right skills and, at the same time, do not have pressure to sell the cloud to the business.

  • Most of the Intra-Enterprise Security folks have been operating within the enterprise boundary and hence they are well versed with security considerations for their organization – e.g. password strength policies. However, they may not have sufficient knowledge of the intricacies of cloud to define the overall security model.

    The SaaS/Cloud providers have more insight into security considerations for Cloud and are better placed to define an overall flexible security model applicable across enterprises. The intra-enterprise security team needs to work in conjunction with the SaaS/Cloud provider to tailor the security model to meet their enterprise security requirements for the cloud.
